Why You Should Never Pay A Ransomware Ransom

A ransomware infection can be a very, very scary situation to deal with. Many victims aren't sure what to do next when ransomware hits. There's one thing that you should never do, and that pays the ransom.



That's a point that cybersecurity experts have been trying to drive home ever since ransomware first started infecting computers. When faced with the frightening reality that treasured family photos or essential business documents have been encrypted, however, not everyone follows that advice.

Those who don't aren't always pleased with the results. In fact, a recent report from the CyberEdge Group revealed that only 19% of ransomware victims who pay the ransom actually get their files back. It's a risky roll of the dice, to be sure... and just as many people CyberEdge surveyed said they paid and still lost their data.


There are a couple reasons why data gets lost. Sometimes it's because the malware creator's only real goal was to scare people into paying. The criminal never intended to let his or her victims decrypt any files that were encrypted. Other times it's not intentional. In those cases, poorly-coded malware just makes it impossible to undo the encryption process.

There is some good news in the CyberEdge report, however. The numbers show that the majority of victims -- nearly two-thirds -- are refusing to pay. Of those victims, about 86% were able to recover files on their own thanks to regular backups.

What Happens When Victims Pay Ransomware Attackers?

Security News, Views and Opinions from Trend Micro

Kansas hospital hit with second infection after paying ransom

While the Indiana hospital infected by SamSam was able to regain its files and data after paying hackers’ ransom, not every organization is so lucky.

According to HealthcareITNews contributor Bill Siwicki, Kansas Heart Hospital in Wichita was the victim of a ransomware attack in mid-2016. While patient data contained within the hospital’s electronic health records system was not impacted and daily operations were able to continue, officials decided to pay the ransom.

Unlike the Hancock Health case, though, access to files and data was not returned, even after the “small amount” in ransom was sent to attackers. Instead, hackers demanded a second ransom and systems impacted by the initial infection remained locked.

“Kansas Heart Hospital did not pay the second ransom request and said that along with consultants it did not think that would be a wise move, even though attackers still appear to have some of their data locked,” Siwicki wrote.

This hospital’s experience isn’t as unique as it might seem, though. Health care security expert Ryan Witt told Siwicki that hackers will often take part in a “tried and tested dance” wherein they demand a small ransom amount, and then demand a second, higher amount once the first is paid.

“Demands for funds are soaring, and the problem is organizations are paying,” Witt noted. “Ransomware will get worse before it gets better.”

Addressing ransomware: Trend Micro’s File Decryptor

As these cases have shown, paying up in the hopes that a ransomware attack will end is not the best strategy. It’s imperative that organizations have backups of all of their critical files and data, and that these are stored in the cloud or another separate, off-site location. In this way, should an attack take place, IT admins can recover using the company’s backups.